[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 Koha collecto changed: What|Removed |Added CC||k...@collecto.ca -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 mathieu saby changed: What|Removed |Added CC||mathsaby...@gmail.com --- Comment #23 from mathieu saby --- Hi A different timeout for staff and OPAC would be very useful -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 pierre.ge...@biblibre.com changed: What|Removed |Added CC||pierre.ge...@biblibre.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #22 from ddem...@oslri.net --- (In reply to Katrin Fischer from comment #21) > I think the patron category is not ideal, but maybe the web based self check > could get its own sessions as well, while we are at it? I would support that too. Basically a way to force an auto-logoff for staff but still be able to keep our self-check machines logged in for the full day. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #21 from Katrin Fischer --- I think the patron category is not ideal, but maybe the web based self check could get its own sessions as well, while we are at it? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 ddem...@oslri.net changed: What|Removed |Added CC||ddem...@oslri.net --- Comment #20 from ddem...@oslri.net --- I'm going to echo other's sentiments. Ideally Patron Category would be the defining attribute for different time out requirements. We would set our self-check patron category for a longer timeout to ensure even during inactive periods the machine stays logged in. Library Staff users would have a short inactivity period defined to auto-log-out if they're not using the system. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #19 from David Cook --- (In reply to Katrin Fischer from comment #18) > But how do we know if it's an OPAC or a staff side cookie? Maybe naming the > cookies differently and by that allowing to really have separate sessions > independent of setup would be better. Yes that's what I was thinking. We're replace CGISESSID with KOHA_OPAC_SESSID and KOHA_STAFF_SESSID or something like that, and then depending on where the auth is being initiated the appropriate cookie name would be looked up. (That said, I think that might get complicated with the API...so something to investigate further.) > One reason to use ports is to block access to the staff interface in a > firewall. It's a valid configuration option. You mean using access control lists in a firewall? That's true. I suppose that using different ports would be the only way to do it with that setup. I often suggest restricting by IP address at the HTTP/application layer, since it's easy to due on a per-host basis, but there's certainly advantages to restricting access at lower OSI layers. It's good to know that there are other folk out there restricting access to their staff interface. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #18 from Katrin Fischer --- But how do we know if it's an OPAC or a staff side cookie? Maybe naming the cookies differently and by that allowing to really have separate sessions independent of setup would be better. One reason to use ports is to block access to the staff interface in a firewall. It's a valid configuration option. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #17 from David Cook --- (In reply to Katrin Fischer from comment #16) > (In reply to David Cook from comment #15) > > (In reply to Katrin Fischer from comment #14) > > > Not only for our use case - currently it's not possible to set different > > > timeouts even if you are using different sub domains which divides the > > > sessions. > > > > I'm not 100% sure I understand what you're saying. > > > > Different subdomains have different cookies, but in Koha there is only the > > "timeout" syspref. Is that what you mean? > > Yes. So if we added a new "opac_timeout" syspref and hooked it into the Auth system, we'd be able to have separate timeouts for OPAC and staff interface, but only for systems that have separate cookies for the OPAC and staff interface. I figure it's probably worth moving forward on that. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #16 from Katrin Fischer --- (In reply to David Cook from comment #15) > (In reply to Katrin Fischer from comment #14) > > Not only for our use case - currently it's not possible to set different > > timeouts even if you are using different sub domains which divides the > > sessions. > > I'm not 100% sure I understand what you're saying. > > Different subdomains have different cookies, but in Koha there is only the > "timeout" syspref. Is that what you mean? Yes. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #15 from David Cook --- (In reply to Katrin Fischer from comment #14) > Not only for our use case - currently it's not possible to set different > timeouts even if you are using different sub domains which divides the > sessions. I'm not 100% sure I understand what you're saying. Different subdomains have different cookies, but in Koha there is only the "timeout" syspref. Is that what you mean? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #14 from Katrin Fischer --- (In reply to David Cook from comment #13) > (In reply to Katrin Fischer from comment #12) > > You are right that different subdomains will create separate sessions, but I > > think the 99% is wrong. Koha used ports for a long time in its default setup > > and there are still reasons why you would want to do so. We do, with > > packages, use ports, for the installations we support. > > > > And it doesn't solve the problem here... different sessions, one timeout. > > How could you attach a different timeout to each? > > For your case, I think you'd need different cookie names for OPAC and Staff. > Mostly would involve refactoring... Not only for our use case - currently it's not possible to set different timeouts even if you are using different sub domains which divides the sessions. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #13 from David Cook --- (In reply to Katrin Fischer from comment #12) > You are right that different subdomains will create separate sessions, but I > think the 99% is wrong. Koha used ports for a long time in its default setup > and there are still reasons why you would want to do so. We do, with > packages, use ports, for the installations we support. > > And it doesn't solve the problem here... different sessions, one timeout. > How could you attach a different timeout to each? For your case, I think you'd need different cookie names for OPAC and Staff. Mostly would involve refactoring... -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #12 from Katrin Fischer --- (In reply to David Cook from comment #11) > (In reply to Marcel de Rooy from comment #10) > > (In reply to David Cook from comment #9) > > > (In reply to Katrin Fischer from comment #7) > > > > Marked bug 32385 as a dependency for this one. I think in order to have > > > > different timeouts, we need different sessions first. > > > > > > Actually, thinking about this again, you would already have different > > > sessions between the OPAC and staff interface, so long as your hostname is > > > different, which should be 99% of Koha instances... > > > > How do you calculate that 99% ? > > Perhaps I should say 99% of commercially supported Koha instances. Even then > you're right that it's a total guess based off the idea that Koha defaults > to separate hostname for OPAC and staff interface when using Debian > packages, and most commercial support vendors for Koha seem to use Debian > packages. You are right that different subdomains will create separate sessions, but I think the 99% is wrong. Koha used ports for a long time in its default setup and there are still reasons why you would want to do so. We do, with packages, use ports, for the installations we support. And it doesn't solve the problem here... different sessions, one timeout. How could you attach a different timeout to each? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #11 from David Cook --- (In reply to Marcel de Rooy from comment #10) > (In reply to David Cook from comment #9) > > (In reply to Katrin Fischer from comment #7) > > > Marked bug 32385 as a dependency for this one. I think in order to have > > > different timeouts, we need different sessions first. > > > > Actually, thinking about this again, you would already have different > > sessions between the OPAC and staff interface, so long as your hostname is > > different, which should be 99% of Koha instances... > > How do you calculate that 99% ? Perhaps I should say 99% of commercially supported Koha instances. Even then you're right that it's a total guess based off the idea that Koha defaults to separate hostname for OPAC and staff interface when using Debian packages, and most commercial support vendors for Koha seem to use Debian packages. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #10 from Marcel de Rooy --- (In reply to David Cook from comment #9) > (In reply to Katrin Fischer from comment #7) > > Marked bug 32385 as a dependency for this one. I think in order to have > > different timeouts, we need different sessions first. > > Actually, thinking about this again, you would already have different > sessions between the OPAC and staff interface, so long as your hostname is > different, which should be 99% of Koha instances... How do you calculate that 99% ? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #9 from David Cook --- (In reply to Katrin Fischer from comment #7) > Marked bug 32385 as a dependency for this one. I think in order to have > different timeouts, we need different sessions first. Actually, thinking about this again, you would already have different sessions between the OPAC and staff interface, so long as your hostname is different, which should be 99% of Koha instances... -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #8 from David Cook --- (In reply to Katrin Fischer from comment #7) > Marked bug 32385 as a dependency for this one. I think in order to have > different timeouts, we need different sessions first. I was thinking about alternatives but I think you might be right. In theory, an alternative would be to change how we handle timeouts. At the moment, the session is deleted if it's timed out, but we could remove those lines and leave the cleanup to the cleanup_database.pl cronjob. If someone was working in both the staff interface and OPAC, the OPAC could time out and prompt for login while they continued working in the staff interface. Then if they log into the OPAC, both interfaces will use the new session and new session cookie. However, I wonder if a browser might accidentally overwrite the new CGISESSID with the old CGISESSID if a staff interface action happens shortly after the new OPAC login... Maybe different sessions are the way to go. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 Katrin Fischer changed: What|Removed |Added Depends on|32385 | Summary|Different timeout |Different timeout |preference for opac and |preference for OPAC and |intranet|staff interface --- Comment #7 from Katrin Fischer --- Marked bug 32385 as a dependency for this one. I think in order to have different timeouts, we need different sessions first. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 [Bug 32385] OPAC and staff (intranet) should not share the same session and cookie -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
